Impact Training Solutions


Impact Training Solutions is committed to a policy of protecting the rights and privacy of individuals, including but not limited to learners, our staff and anyone else we engage with, in accordance with the Data Protection Act. Impact Training Solutions needs to process certain information about the learners, our staff and other individuals it has dealings with for administrative purposes e.g. to recruit and pay staff, to administer courses and training, to record training progress and to comply with our legal obligations to funding bodies and government. To comply with the law, information about individuals must be collected and used fairly, stored safely and securely and not disclosed to any third party unlawfully.

The policy applies to all staff within the company. Any breach of the Data Protection Act 1998 or the company Data Protection Policy is considered to be an offence and in that event, Impact Training Solutions disciplinary procedures will apply. As a matter of good practice individuals working with the company who have access to personal information will be expected to have read and comply with this policy.

Data Protection Strategy


To ensure that the Data Protection Policy is delivered and achieved a number of strategies are maintained. These strategies will be reviewed annually by our Senior Management Team.

Responsibilities under the Data Protection Act


Impact Training Solutions is the data controller under the Act.
A Data Protection Officer has been appointed who is responsible for day-to-day data protection matters and for developing specific guidance notes on data protection issues for members of the Company.
The Senior Management Team and all those in managerial or supervisory roles are responsible for developing and encouraging good information handling practice within their teams.
Compliance with data protection legislation is the responsibility of all members of the Company who process personal information.
Members of the Company are responsible for ensuring that any personal data supplied to the Company are accurate and up-to-date.

Principles of data protection outlined in the Data Protection Act


Anyone processing personal data must comply with the eight enforceable principles of good practice. These state that data must be:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate
Not kept longer than necessary
Processed in accordance with the data subject's rights
Secure
Not transferred to countries without adequate protection.